The Wilson Sonsini files

HP has said that its conduct in the 2006 pretexting scandal was an aberration. But a close look at its lawyer's files may tell a different story.

By Nicholas Varchaver, Fortune senior writer

NEW YORK (Fortune) -- Since the day he was hired last October, Hewlett-Packard's chief ethics and compliance officer, Jon Hoak, has been focused on one overarching goal: Closing the book on the computer giant's 2006 "pretexting" scandal.

Despite publicly calling the incident an "aberration" that didn't reflect HP's corporate values, Hoak has overhauled the company's compliance staff and its investigative procedures. By the end of July, he must submit a report to the California attorney general's office that lays out the steps HP has taken to make sure that such misbehavior won't happen again. But an ongoing legal dispute between HP (Charts, Fortune 500) and a former executive has raised new questions about just how extensive the company's ethical lapses were in the first place.

Hewlett-Packard says former VP Karl Kamb betrayed the company. He claims HP got his private phone records and spied on Dell. Fortune's Nicholas Varchaver reports. (Read the feature.)

The strange saga of former HP vice-president Karl Kamb (read the article here) has at least one echo of HP's 2006 scandal, in which the company was flayed for obtaining the private phone records of reporters, board members, and employees under false pretenses - the practice known as pretexting - in an effort to determine the source of boardroom leaks. (A total of 24 people were pretexted in the leak probe, whose two stages were known inside HP as "Kona I" and "Kona II." The snoopers tracked a total of 1,750 different calls and 590 phone numbers, according to a declaration in a California legal proceeding.)

How prevalent was pretexting at Hewlett-Packard? The answer may lie in a trove of documents that HP provided to Congress last summer. HP asked one of its law firms, Wilson Sonsini, to question HP employees regarding pretexting; the law firm then summarized the responses. And while some of the resulting summaries have been discussed in connection with the Kona case, there are has been little mention of the fact that they appear to contain clues about how HP went about investigations outside of the Kona case.

HP continues to describe the pretexting imbroglio as a series of isolated incidents, not standard procedure. "The use of pretexting to obtain telephone call information in the Kona investigation was an aberration," says Bob Sherbin, HP's vice-president, external communications, in a statement. "While HP cannot conclude that investigators working on our behalf never previously used the tactic, such activity was not a normal part of HP's corporate investigations. Pretexting to obtain telephone call information has been clearly prohibited by the company since the events of last autumn."

Here are excerpts from the Wilson Sonsini investigation files:

Jim Fairbaugh, director of global security, HP

What he told the lawyers: "Fairbaugh said HP was familiar with the technique of pretexting before Kona I, but did not believe HP ever employed the technique itself. Rather, he thought pretexting probably had been used by HP previously through someone like DeLia. Pretexting would be used predominantly in cases involving unauthorized disclosures to determine the identity of suspects."

Ronald DeLia, Security Outsourcing Solutions (an investigative firm that HP no longer uses)

What he told the lawyers: DeLia "has been working with HP for 8 or 9 years.... historically, about half of his work has been for HP.... for the past eight to ten years, DeLia has used ARG [another contractor] for pretexting."

DeLia's lawyer declined to be interviewed by Fortune for this story.

Kevin Hunsaker, former senior counsel, and later, director of ethics, HP

What he told the lawyers: "Hunsaker first learned that HP had used pretexting to obtain phone records in July 2005 in connection with an unrelated HP investigation. One of the subjects of the investigation was going through a messy divorce, and his attorney contacted Hunsaker, claiming that HP had attempted to change his PIN in order to access his voicemail. Hunsaker's team told him they had not altered the subject's PIN or voicemail, but had used pretexting to obtain phone information about the subject."

Hunsaker's lawyer, Michael Pancer, tells Fortune that Hunsaker was misquoted by the Wilson Sonsini lawyers and that the pretexting mentioned here did not occur. Wilson Sonsini declined comment.

Anthony Gentilucci, former manager of global security investigations, HP

What he told the lawyers: "Gentilucci indicated that he has conducted probably thousands of investigations. He said that pretexting is done primarily through outside agents. He added that pretexting is a common investigative methodology. As an example, he said that recently he retained the services of a third-party individual to use pretexting to quickly obtain information about someone, though, he added, it was not necessarily to get phone records."

Excerpt from e-mail, 1/30/06, from Gentilucci to Hunsaker: "We use pretext interviews on a number of investigations to extract information and/or make covert purchases of stolen property, in a sense, all under cover operations."

When asked about the Wilson Sonsini document, Gentilucci's lawyer, Ismail Ramsey told Fortune, "Tony never personally participated in 'pretexting.' But he was aware that on occasion 'pretexting' was done by HP investigators. He was repeatedly advised by respected lawyers, both inside and outside of HP, that 'pretexting' was a lawful investigative technique." Top of page